Digital sovereignty through open source: cure-all or fallacy?

Open source has become an integral part of modern software development. No application, platform, or cloud architecture today can function without open-source components. From operating systems and databases to container technologies and frameworks: a large part of today’s digital infrastructure is based on open-source projects.

And this is no longer just about individual libraries or developer tools. Many open-source projects have evolved into central building blocks of modern IT architectures. Since these projects, in turn, are themselves built on or utilize other open-source components, a complex chain of dependencies emerges: a technological supply chain.

As a result, individual projects can suddenly take on enormous significance for entire systems or platforms. Particularly noteworthy are seemingly small projects that are maintained by just a few developers – sometimes even by a single maintainer – yet have achieved widespread adoption and significance in the global software landscape.

This is nothing unusual. Software development has always operated on this principle: building on existing solutions and prioritizing reusability rather than developing everything from scratch or on one’s own. This is precisely one of the most important reasons for the tremendous speed and innovative power of modern software development.

This is exactly why open source plays a central role in IT today.

But open source has long since become more than just a development model. For many, it has become a conviction, sometimes almost an ideology.

In this context, open source is sometimes seen today as a strategic response to questions of technological independence. But this raises a crucial question:

Is open source the easy solution to achieve digital sovereignty or is that expectation too simplistic?

Every technology decision creates dependencies

When discussing open source, one argument is often emphasized in particular: open source is supposed to help reduce dependence on individual vendors and thereby strengthen digital sovereignty.

The reasoning behind this is understandable. If the source code is open, you can review it, modify it, or further develop it yourself. In theory, this provides greater control over the technology being used.

But the reality is somewhat more complex.

This is because every technological decision – whether open source or proprietary – is part of an overarching IT strategy and influences the long-term use of solutions as well as their management. This creates new dependencies. Those who use software are always dependent on various factors:

  • release cycles
  • security updates
  • platform development
  • ecosystem stability
  • and the people who develop this software

Open source is no exception here. The dependency doesn’t disappear; it simply shifts from a “paid” product to an “open source” product.

Companies are behind many open-source projects

Another point is often underestimated in the discussion: most relevant open-source projects don’t emerge in a vacuum. Many of these projects are closely tied to economic interests, standards, and long-term investments. Behind them are often companies or organizations that:

  • fund developers
  • provide infrastructure
  • drive roadmaps
  • and enable long-term further development

This isn’t necessarily a bad thing. On the contrary: without these structures, many projects wouldn’t exist at all or wouldn’t achieve the necessary stability.

However, it also means that a project’s development isn’t automatically driven by an “anonymous” community. In many cases, a small number of organizations or maintainers play a decisive role in determining:

  • which features are prioritized
  • which architectural decisions are made
  • and in which direction the project develops

Simply put: whoever pays the developers inevitably influences the development of open source software.

Digital sovereignty & open source: the illusion of complete control

One idea keeps coming up in discussions about open source: “If we don’t like something, we can always take over the code.”

At first glance, this sounds plausible. After all, the code is openly accessible, and the license terms usually allow you to use, modify, or further develop it. In theory, you could fork it and continue developing it yourself.

But in practice, this means something entirely different. Anyone involved in software development knows what this really entails. Anyone who wants to continue a project independently suddenly takes on responsibility for:

  • further development
  • security updates
  • release management
  • architectural decisions
  • long-term maintenance

In other words: you are suddenly running your own software product.

And this is precisely where the real challenge lies. Most organizations want to use software, not become software developers themselves. So the option to take over the code does exist. In reality, however, it is rarely a viable option. Especially when it comes to security-critical systems and sensitive data, it becomes clear that maintaining complete control over software is difficult to achieve in practice.

Open source is not static either

Another point is often overlooked: open-source projects continue to evolve – organizationally, technically, and economically.

Maintainers change.
Roadmaps change.
Communities shift.

And licensing models can change as well.

There have been several prominent examples of this, particularly in recent years. Projects such as MinIO, Redis, Elastic, and Terraform have adapted their licensing models or placed greater emphasis on commercial variants. For companies that have heavily relied on these technologies, this can have significant implications for their architecture, cost structure, or long-term strategy. Changes to licensing models or structures can also impact regulatory requirements and a company’s strategic goals.

Companies involved in successful open-source projects often develop commercial versions, support models, or alternative licensing strategies. Open source reduces certain risks, but it does not eliminate them.

Open source is valuable – but it’s not a cure-all

None of this means that open source is problematic.

On the contrary. Open standards and open-source software are essential. Many of the most important technologies of our time are developed in open projects. Open source enables innovation, collaboration, and transparency on a global scale.
At Widas, we also make a conscious and deliberate choice to use open source for our products cidaas, cnips, and clavik.

Open source offers many benefits, such as innovation, transparency, and flexibility. However, these advantages are independent of the issue of digital sovereignty. The crucial point is a different one:

Is open source a cure-all? No.

Open source does not relieve us of the need to make conscious technological decisions, and it is precisely these conscious decisions that form the foundation of digital sovereignty. Especially in the context of digital transformation and increasing digitization, it becomes clear that open source is an important building block, but not the sole lever for the future.

Rather, open source is part of the technological diversity from which companies can choose. Like any other technology, it expands the toolbox but does not replace the responsibility to make conscious architectural decisions.

Cloud platforms built on technologies such as OpenStack are a good example of this. While a common technological foundation can facilitate interoperability, it by no means rules out vendor lock-in. What matters, therefore, is not only the underlying technology, but also whether providers offer clear and realistic exit paths and do not restrict them with unnecessary hurdles, costs, or proprietary extensions.

Especially in Europe and at the national level, the question of sovereign technologies and digital infrastructures is becoming increasingly important.

Conclusion: digital sovereignty with open source?

Open source is and remains valuable. However, digital sovereignty and open source are not one and the same: open source does not replace strategy, governance, or responsibility.

It is important to emphasize that digital sovereignty does not arise from complete control over every single technology. Rather, what is crucial is the ability to consciously select digital solutions, manage their use, and actively shape dependencies.

Companies that clearly define their strategy, keep track of their data, and make well-considered technological decisions lay the foundation for sustainable digital independence.
